[Dataloss] OK: OKC buyer finds sensitive information on server
Michael Hill, CITRMS
mhill at idtexperts.com
Wed May 21 19:16:36 UTC 2008
http://www.tulsaworld.com/news/article.aspx?articleID=20080521_12_OKLAH32253
OKLAHOMA CITY -- The Oklahoma Corporation Commission is removing hard drives from all surplus computer equipment after a server containing the names and Social Security numbers of thousands of residents was sold at an auction recently.
Oklahoma City resident Joe Sills discovered more than 5,000 Social Security numbers after purchasing the server and other surplus state computer equipment at an auction last month.
Sills was testing the equipment recently when he found the data in a file on the server. He said he is outraged that the state didn't erase the server's memory.
"People's identities are at risk," he said.
The server had been used by the state Tax Commission and, most recently, the Corporation Commission.
The Social Security numbers are likely tied to trucking industry data kept on the server by both agencies, Corporation Commission spokesman Matt Skinner said.
Since the Corporation Commission is now removing hard drives from computer equipment it sends to state auctions, people who buy the equipment will have to provide their own hard drives, Skinner said. It will keep accidental sensitive information leaks from happening again, he said.
State policy requires sensitive information to be erased from surplus equipment before it is auctioned, state Department of Central Services spokeswoman Gerry Smedley said. Erasing sensitive data is the responsibility of the agencies that owned the equipment.
--------------------------------------------------------------------------------
Michael Hill
Certified Identity Theft Risk Management Specialist
IDT Consultants
404-216-3751
"If You Think You're Not At Risk, Think Again!"
NOTICE:
This email and any attachment to it is confidential and protected by law and intended for the use of the individual(s) or entity named on the email. This information and all email information from the sender is not legal advice nor legal representation and should not be construed as legal advice nor legal representation. Check with your attorney in your State for legal advice. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination or distribution of this communication is prohibited. If you have received this communication in error, please notify the sender via return email and delete it completely from your email system. If you have printed a copy of the email, please destroy it immediately.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://attrition.org/pipermail/dataloss/attachments/20080521/a017eac7/attachment.html
More information about the Dataloss
mailing list